Reflected XSS Vulnerability in Sunshine Photo Cart
CVE-2024-30194

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: Sunshine Photo Cart
Vendor: CVE Published:; 27 March 2024

What is CVE-2024-30194?

A vulnerability exists in the Sunshine Photo Cart by WP Sunshine, allowing for reflected cross-site scripting (XSS) attacks. This issue arises from the improper neutralization of input during web page generation, which could enable malicious actors to inject harmful scripts into web pages viewed by users. Users of affected versions of Sunshine Photo Cart, specifically those from n/a through 3.1.1, are at risk. It is crucial for users and administrators to apply necessary patches and implement security measures to mitigate potential exploitation of this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Sunshine Photo Cart <= 3.1.1

References

https://patchstack.com/database/vulnerability/sunshine-ph...

vdb-entry

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 27, 2024
Vulnerability Reserved
Mar 25, 2024

Credit

Dimas Maulana (Patchstack Alliance)

JSON

WordPress